
What Is This Registry Entry?


8 replies to this topic

#1 YaDaYaDa


Posted 15 December 2007 - 04:37 PM

This is my first post with this forum.
I have searched previous posts to see if I could find a fix for this. My desktop has been hijacked and is displaying only a colored background. Desktop properties are disabled.

I did try some of the other advice for similar infections and had limited success. I downloaded SmitFraudFix and got access to properties back. (It looks to me like the alternate desktop is hiding underneath.)

My Trojan Remover scan keeps giving me an alert.
The registry entry in question is: HKLM\SYSTEM\CurrentControlSet\services\SBAPIF. It is being called at bootup by C:\Windows\System32\drivers\SBAPIFS.sys. Has anyone had any experience with this?

Running Windows XP.


Thank you in advance,
YaDaYaDa


#2 boopme


Posted 15 December 2007 - 09:28 PM

This may be the legitimate file from Sunbelt software. Are you using Counterspy?
I am always a bit leery of files loading in system32.

Please submit the file here and let us know what they say.
Virustotal
or
Jotti's malware scan
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 YaDaYaDa


Posted 16 December 2007 - 09:43 AM

I do have CounterSpy loaded, however I downloaded that program after the Trojan Remover scanner picked up this file in the registry. It tells me that an executable file with this name "has not been found" and may not exist.

I have tried to delete this entry from the registry, but it reappears every time I reboot the computer.

How do I attach a screenshot of this scan to my post for you to view? I have seen others do this, but have not been able to figure out how on my own.

BTW, I did try sending the file to the above links, but the results screen said 0 bytes were transmitted.

Thanks,

Edited by YaDaYaDa, 16 December 2007 - 09:44 AM.
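The check discussed in the posts above (what the service key loads, whether that file is actually on disk, and who signed it) can be scripted. This is an added example, not part of the original thread; it assumes Windows PowerShell 4.0 or later, which is not part of a stock Windows XP install, and only the key name `SBAPIF` comes from the thread.

```powershell
# Added example (not from the thread): inspect a driver service key before touching it.
# 'SBAPIF' is the key name quoted in the first post; change it to check another entry.
$ServiceName = 'SBAPIF'
$key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"

if (-not (Test-Path -LiteralPath $key)) {
    Write-Output "No service key named '$ServiceName' exists."
} else {
    $svc = Get-ItemProperty -LiteralPath $key
    # Start value: at which stage of boot or logon the entry is loaded.
    $startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }
    $start = if ($null -ne $svc.Start) { $startNames[[int]$svc.Start] } else { 'not set' }

    # Driver ImagePath values may be relative or carry \??\ or \SystemRoot\ prefixes.
    $raw = $svc.ImagePath
    if ([string]::IsNullOrEmpty($raw)) {
        # With no ImagePath, a driver is loaded from System32\drivers\<name>.sys.
        $path = Join-Path $env:SystemRoot "System32\drivers\$ServiceName.sys"
    } else {
        $path = [Environment]::ExpandEnvironmentVariables($raw)
        if ($path.StartsWith('\??\')) { $path = $path.Substring(4) }
        if ($path -like '\SystemRoot\*') {
            $path = Join-Path $env:SystemRoot $path.Substring(12)
        } elseif ($path -like 'system32\*') {
            $path = Join-Path $env:SystemRoot $path
        }
    }

    $exists = Test-Path -LiteralPath $path -PathType Leaf
    $report = [ordered]@{
        Service   = $ServiceName
        Start     = $start
        Type      = $svc.Type
        ImagePath = $raw
        Resolved  = $path
        FileFound = $exists
    }
    if ($exists) {
        # Who signed the file, and a hash to compare with a scanner's result page.
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        $report.Signature = $sig.Status
        $report.Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'none' }
        $report.SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
    [pscustomobject]$report
}
```

A `FileFound` value of `False` means the key references a file that is not on disk at the resolved path, so there is nothing at that location to submit to an online scanner.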


#4 boopme


Posted 16 December 2007 - 10:19 AM

How to Insert an Image into a Post

#5 YaDaYaDa


Posted 16 December 2007 - 05:49 PM

Posted Image

I have scanned my computer with all the recommended malware programs and still get this warning on startup. Please advise what steps if any to take next. I also have a screenshot of the desktop properties box, as it looks like it has been altered to me. I don't remember the desktop properties having a button to change the background color of the desktop before. When the desktop was hijacked this was the only button that was live. Everything else was frozen. This is the screenshot of Desktop Properties.
Posted Image

Thanks for your help,
YaDaYaDa

Edited by YaDaYaDa, 16 December 2007 - 06:20 PM.


#6 boopme


Posted 18 December 2007 - 11:18 PM

Sorry for the delay. I'm human and lose track of things sometimes too.
The Properties box looks normal.
Try showing Hidden files and scan again.
How to show hidden files in Windows

Also download, install, update and scan from Safe Mode with SUPERAntiSpyware. Delete/Quarantine ALL items found. Reboot to normal. Let us know.

Edited by boopme, 18 December 2007 - 11:22 PM.


#7 YaDaYaDa


Posted 25 December 2007 - 08:04 PM

Thank you for the response. I found the reason for the registry entry. I had downloaded a registry scanning program from the Kim Kommando website to try to find the problem with the desktop wallpaper. It found hundreds of potential problems, but would only fix them if I made a purchase. It is also a Sunbelt Software product, so must have written the suspect registry entry. The Trojan scanner thought it was a threat. I uninstalled the software and ran the SmitFraudFix. Everything seems fine. I own my desktop again. :thumbsup:

Thanks again,
YaDaYaDa

#8 boopme


Posted 25 December 2007 - 11:11 PM

Now you should Create a New Restore Point to prevent possibly restoring your PC to the problem state.

The easiest and safest way to do this is:
Go to Start > Programs > Accessories > System Tools and click "System Restore".
Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
Then use Disk Cleanup to remove all but the most recently created Restore Point.
Go to Start > Run and type: Cleanmgr
Click "OK".
Click the "More Options" Tab.
Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

#9 quietman7


Posted 26 December 2007 - 11:37 AM

YaDaYaDa said: "I had downloaded a registry scanning program from the Kim Kommando website to try to find the problem with the desktop wallpaper. It found hundreds of potential problems, but would only fix them if I made a purchase."

Registry cleaners are extremely powerful applications. There are a number of them available and some are safer than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system unbootable.

The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results". Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly can have disastrous effects on your operating system such as preventing it from ever starting again. For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators




